- Docs »
- 9. Network
The Network section of the web interface contains thesecomponents for viewing and configuring network settings on theFreeNAS® system:
- Global Configuration: general network settings.
- Interfaces: settings for each network interface and optionsto configure Bridge,Link Aggregation, and VLANinterfaces.
- IPMI: settings controlling connection to the appliancethrough the hardware side-band management interface if theuser interface becomes unavailable.
- Static Routes: add static routes.
Each of these is described in more detail in this section.
Warning
Making changes to the network interface the web interface usescan result in losing connection to the FreeNAS® system! Misconfiguringnetwork settings might require command line knowledge or physicalaccess to the FreeNAS® system to fix. Be very careful when configuringInterfaces and Link Aggregations.
9.1. Global Configuration¶
Network ➞ Global Configuration,shown inFigure 9.1.1,is for general network settings that are not unique to any particularnetwork interface.
Fig. 9.1.1 Global Network Configuration
Table 9.1.1summarizes the settings on the Global Configuration tab.Hostname and Domain fields are pre-filled asshown in Figure 9.1.1,but can be changed to meet requirements of the local network.
| Setting | Value | Description |
|---|---|---|
| Hostname | string | System host name. Upper and lower case alphanumeric, ., and -characters are allowed. The Hostname and Domain are also displayedunder the iXsystems logo at the top left of the main screen. |
| Domain | string | System domain name. The Hostname and Domain are also displayed underthe iXsystems logo at the top left of the main screen. |
| Additional Domains | string | Additional space-delimited domains to search. Adding search domains can cause slow DNS lookups. |
| IPv4 Default Gateway | IP address | Typically not set. See this note about Gateways.If set, used instead of the default gateway provided by DHCP. |
| IPv6 Default Gateway | IP address | Typically not set. See this note about Gateways. |
| Nameserver 1 | IP address | Primary DNS server. |
| Nameserver 2 | IP address | Secondary DNS server. |
| Nameserver 3 | IP address | Tertiary DNS server. |
| HTTP Proxy | string | Enter the proxy information for the network in the format http://my.proxy.server:3128 orhttp://user:password@my.proxy.server:3128. |
| Enable netwait feature | checkbox | If enabled, network services do not start at boot until the interface is able to pingthe addresses listed in the Netwait IP list. |
| Netwait IP list | string | Only appears when Enable netwait feature is set.Enter a space-delimited list of IP addresses to ping(8). Each addressis tried until one is successful or the list is exhausted. Leave emptyto use the default gateway. |
| Host name database | string | Used to add one entry per line which will be appended to /etc/hosts. Use the formatIP_address space hostname where multiple hostnames can be used if separated by a space. |
When using Active Directory, set the IP address of therealm DNS server in the Nameserver 1 field.
If the network does not have a DNS server, or NFS, SSH, or FTP usersare receiving “reverse DNS” or timeout errors, add an entry for the IPaddress of the FreeNAS® system in the Host name databasefield.
Note
In many cases, a FreeNAS® configuration does not includedefault gateway information as a way to make it more difficult fora remote attacker to communicate with the server. While this is areasonable precaution, such a configuration does not restrictinbound traffic from sources within the local network. However,omitting a default gateway will prevent the FreeNAS® system fromcommunicating with DNS servers, time servers, and mail servers thatare located outside of the local network. In this case, it isrecommended to add Static Routes to be able to reachexternal DNS, NTP, and mail servers which are configured withstatic IP addresses. When a gateway to the Internet is added, makesure the FreeNAS® system is protected by a properly configuredfirewall.
9.2. Interfaces¶
Network ➞ Interfacesshows all physical Network Interface Controllers (NICs) connected to theFreeNAS® system. These can be edited or new bridge, link aggregation,or Virtual LAN (VLAN) interfaces can be created and added to theinterface list.
Be careful when configuring the network interface that controls theFreeNAS® web interface orweb connectivity can be lost.
To configure a new network interface, go toNetwork ➞ Interfacesand click ADD.
Fig. 9.2.1 Adding a Network Interface
Each Type of configurable network interface changes theavailable options. Table 9.2.1 showswhich settings are available with each interface type.
| Setting | Value | Type | Description |
|---|---|---|---|
| Type | drop-down menu | All | Choose the type of interface. Bridge creates a logical link between multiple networks.Link Aggregation combines multiple network connections into a single interface. A virtual LAN (VLAN)partitions and isolates a segment of the connection. |
| Name | string | All | Enter a name to use for the the interface. Use the format laggX, vlanX, or bridgeX where X is a numberrepresenting a non-parent interface. |
| Description | string | All | Notes or explanatory text about this interface. |
| DHCP | checkbox | All | Enable DHCP to auto-assign anIPv4 address to this interface. Leave unset to create a static IPv4 or IPv6 configuration. Only oneinterface can be configured for DHCP. |
| Autoconfigure IPv6 | drop-down menu | All | Automatically configure the IPv6 address withrtsol(8). Only one interface can be configured thisway. |
| Bridge Members | drop-down menu | Bridge | Network interfaces to include in the bridge. |
| Lagg Protocol | drop-down menu | LinkAggregation | Select the Protocol Type. LACP is the recommended protocol if thenetwork switch is capable of active LACP. Failover is the default protocol choice and should onlybe used if the network switch does not support active LACP. |
| Lagg Interfaces | drop-down menu | LinkAggregation | Select the interfaces to use in the aggregation. Warning: Lagg creation fails when the selectedinterfaces have manually assigned IP addresses. |
| Parent Interface | drop-down menu | VLAN | Select the VLAN Parent Interface. Usually an Ethernet card connected to a switch port configured forthe VLAN. A bridge cannot be selected as a parent interface. New Link Aggregations are notavailable until the system is restarted. |
| Vlan Tag | integer | VLAN | The numeric tag provided by the switched network. |
| Priority Code Point | drop-down menu | VLAN | Select the Class of Service. The available802.1p Class of Service ranges from Best effort (default) to Network control (highest). |
| MTU | integer | All | Maximum Transmission Unit, the largest protocol data unit that can be communicated. The largest workableMTU size varies with network interfaces and equipment. 1500 and 9000 are standard Ethernet MTU sizes. |
| Options | string | All | Additional parameters fromifconfig(8).Separate multiple parameters with a space. For example: mtu 9000 increases the MTU for interfaceswhich support jumbo frames. See this note about MTU and lagg interfaces. |
| IP Address | integer anddrop-down menu | All | Static IPv4 or IPv6 address and subnet mask. Example: 10.0.0.3 and /24. Click ADDto add another IP address. Clicking DELETE removes that IP Address. |
Multiple interfaces cannot be members of the same subnet. SeeMultiple network interfaces on a single subnetfor more information. Check the subnet mask if an error is shown whensetting the IP addresses on multiple interfaces.
Saving a new interface adds an entry to the list inNetwork ➞ Interfaces.A new animated icon also appears in the upper-right web interface panel toshow there are pending network changes.
Network changes must be confirmed before being saved to the FreeNAS®system. A new section is added above the list to confirm the newinterface. To make the change permanent, click COMMIT. ClickDISCARD to revert the FreeNAS® system to the previous networkconfiguration.
Expanding an entry in the list shows further details for that interface.
Editing an interface allows changing all theinterface options except the interfaceType and Name.
9.2.1. Network Bridges¶
A network bridge allows multiple network interfaces to function as asingle interface.
To create a bridge, go toNetwork ➞ Interfacesand click ADD. Choose Bridge as the Type and continueto configure the interface. See theInterface Configuration Options tablefor descriptions of each option.
Enter bridgeX for the Name, where X is a uniqueinterface number. Open the Bridge Members drop-down menu andselect each interface that will be part of the bridge. ClickSAVE to add the new bridge toNetwork ➞ Interfacesand show options to confirm or revert the new network settings.
9.2.2. Link Aggregations¶
FreeNAS® uses the FreeBSDlagg(4)interface to provide link aggregation and link failover support. Alagg interface allows combining multiple network interfaces into asingle virtual interface. This provides fault-tolerance and high-speedmulti-link throughput. The aggregation protocols supported by lagg bothdetermines the ports to use for outgoing traffic and if a specific portaccepts incoming traffic. The link state of the lagg interface is usedto validate whether the port is active.
Aggregation works best on switches supporting LACP, which distributestraffic bi-directionally while responding to failure of individuallinks. FreeNAS® also supports active/passive failover between pairs oflinks. The LACP and load-balance modes select the output interface usinga hash that includes the Ethernet source and destination address, VLANtag (if available), IP source and destination address, and flow label(IPv6 only). The benefit can only be observed when multiple clients aretransferring files from the NAS. The flow entering into the NASdepends on the Ethernet switch load-balance algorithm.
The lagg driver currently supports several aggregation protocols,although only Failover is recommended on network switches that donot support LACP:
Failover: the default protocol. Sends traffic only through theactive port. If the master port becomes unavailable, the next activeport is used. The first interface added is the master port. Anyinterfaces added later are used as failover devices. By default,received traffic is only accepted when received through the activeport. This constraint can be relaxed, which is useful for certainbridged network setups, by going toSystem ➞ Tunablesand clicking ADD to add a tunable. Set the Variable tonet.link.lagg.failover_rx_all, the Value to a non-zerointeger, and the Type to Sysctl.
LACP: supports the IEEE 802.3ad Link Aggregation Control Protocol(LACP) and the Marker Protocol. LACP negotiates a set of aggregablelinks with the peer into one or more link aggregated groups (LAGs). EachLAG is composed of ports of the same speed, set to full-duplexoperation. Traffic is balanced across the ports in the LAG with thegreatest total speed. In most situations there will be a single LAGwhich contains all ports. In the event of changes in physicalconnectivity, link aggregation quickly converges to a new configuration.LACP must be configured on the network switch and LACP does not supportmixing interfaces of different speeds. Only interfaces that use the samedriver, like two igb ports, are recommended for LACP. Using LACP foriSCSI is not recommended as iSCSI has built-in multipath features whichare more efficient.
Note
When using LACP, verify the switch is configured for activeLACP. Passive LACP is not supported.
Load Balance: balances outgoing traffic across the active portsbased on hashed protocol header information and accepts incoming trafficfrom any active port. This is a static setup and does not negotiateaggregation with the peer or exchange frames to monitor the link. Thehash includes the Ethernet source and destination address, VLAN tag (ifavailable), and IP source and destination address. Requires a switchwhich supports IEEE 802.3ad static link aggregation.
Round Robin: distributes outgoing traffic using a round-robinscheduler through all active ports and accepts incoming traffic fromany active port. This mode can cause unordered packet arrival at theclient. This has a side effect of limiting throughput as reorderingpackets can be CPU intensive on the client. Requires a switch whichsupports IEEE 802.3ad static link aggregation.
None: this protocol disables any traffic without disabling thelagg interface itself.
9.2.2.1. LACP, MPIO, NFS, and ESXi¶
LACP bonds Ethernet connections to improve bandwidth. For example,four physical interfaces can be used to create one mega interface.However, it cannot increase the bandwidth for a single conversation.It is designed to increase bandwidth when multiple clients aresimultaneously accessing the same system. It also assumes that qualityEthernet hardware is used and it will not make much difference whenusing inferior Ethernet chipsets such as a Realtek.
LACP reads the sender and receiver IP addresses and, if they aredeemed to belong to the same TCP connection, always sends the packetover the same interface to ensure that TCP does not need to reorderpackets. This makes LACP ideal for load balancing many simultaneousTCP connections, but does nothing for increasing the speed over oneTCP connection.
MPIO operates at the iSCSI protocol level. For example, if four IPaddresses are created and there are four simultaneous TCP connections,MPIO will send the data over all available links. When configuringMPIO, make sure that the IP addresses on the interfaces are configuredto be on separate subnets with non-overlapping netmasks, or configurestatic routes to do point-to-point communication. Otherwise, allpackets will pass through one interface.
LACP and other forms of link aggregation generally do not work wellwith virtualization solutions. In a virtualized environment, considerthe use of iSCSI MPIO through the creation of an iSCSI Portal with atleast two network cards on different networks. This allows an iSCSIinitiator to recognize multiple links to a target, using them forincreased bandwidth or redundancy. Thishow-tocontains instructions for configuring MPIO on ESXi.
NFS does not understand MPIO. Therefore, one fast interface is needed,since creating an iSCSI portal will not improve bandwidth when usingNFS. LACP does not work well to increase the bandwidth forpoint-to-point NFS (one server and one client). LACP is a goodsolution for link redundancy or for one server and many clients.
9.2.2.2. Creating a Link Aggregation¶
Before creating a link aggregation, see thiswarning about changing the interfacethat the web interface uses.
To create a link aggregation, go toNetwork ➞ Interfacesand click ADD. Choose Link Aggregation as the Typeand continue to fill in the remaining configuration options. See theInterface Configuration Options tablefor descriptions of each option.
Enter laggX for the Name, where X is a uniqueinterface number. There a several Lagg Protocol options, butLACP is preferred. Choose Failover when the network switch does notsupport LACP. Open the Lagg Interfaces drop-down menu toassociate NICs with the lagg device. Click SAVE to add thenew aggregation toNetwork ➞ Interfacesand show options to confirm or revert the new network settings.
Note
If interfaces are installed but do not appear in theLagg Interfaces list, check for a FreeBSD driverfor the interface.
9.2.2.3. Link Aggregation Options¶
Options are set at the lagg level fromNetwork ➞ Interfaces.Find the lagg interface, expand the entry with (Expand), andclick EDIT. Scroll to the Options field. Changes aretypically made at the lagg level as each interface member inheritssettings from the lagg. Configuring at the interface level requiresrepeating the configuration for each interface within the lagg. Settingoptions at the individual interface level is done by editing the parentinterface in the same way as the lagg interface.
If the MTU settings on the lagg member interfaces are not identical,the smallest value is used for the MTU of the entire lagg.
Note
A reboot is required after changing the MTU to create ajumbo frame lagg.
Link aggregation load balancing can be tested with:
systat -ifstat
More information about this command can be found atsystat(1).
9.2.3. VLANs¶
FreeNAS® usesvlan(4)to demultiplex frames with IEEE 802.1q tags. This allows nodes ondifferent VLANs to communicate through a layer 3 switch or router. Avlan interface must be assigned a parent interface and a numeric VLANtag. A single parent can be assigned to multiple vlan interfacesprovided they have different tags.
Note
VLAN tagging is the only 802.1q feature that is implemented.Additionally, not all Ethernet interfaces support full VLANprocessing. See the HARDWARE section ofvlan(4)for details.
To add a new VLAN interface, go toNetwork ➞ Interfacesand click ADD. Choose VLAN as the Type and continuefilling in the remaining fields. See theInterface Configuration Options tablefor descriptions of each option.
The parent interface of a VLAN must be up, but it can either have an IPaddress or be unconfigured, depending upon the requirements of the VLANconfiguration. This makes it difficult for the web interface to do the rightthing without trampling the configuration. To remedy this, add the VLANinterface, then selectNetwork ➞ Interfaces, and click (Options) andEdit for the parent interface. Enter up in theOptions field and click SAVE. This brings up theparent interface. If an IP address is required, configure it using therest of the options in the edit screen.
Warning
Creating a VLAN causes an interruption to networkconnectivity. The web interface requires confirming the new networkconfiguration before it is permanently applied to the FreeNAS® system.
9.3. IPMI¶
Beginning with version 9.2.1, FreeNAS® provides a graphical screen forconfiguring an IPMI interface. This screen will only appear if thesystem hardware includes a Baseboard Management Controller (BMC).
IPMI provides side-band management if the graphical administrativeinterface becomes unresponsive. This allows for a few vital functions,such as checking the log, accessing the BIOS setup, and powering onthe system without requiring physical access to the system. IPMI isalso used to give another person remote access to the system toassist with a configuration or troubleshooting issue. Beforeconfiguring IPMI, ensure that the management interface is physicallyconnected to the network. The IPMI device may share the primaryEthernet interface, or it may be a dedicated separate IPMI interface.
Warning
It is recommended to first ensure that the IPMI has beenpatched against the Remote Management Vulnerability before enablingIPMI. Thisarticleprovides more information about the vulnerability and how to fixit.
Note
Some IPMI implementations require updates to work with newerversions of Java. SeePSA: Java 8 Update 131 breaks ASRock’s IPMI Virtual consolefor more information.
IPMI is configured fromNetwork ➞ IPMI.The IPMI configuration screen, shown inFigure 9.3.1,provides a shortcut to the most basic IPMI configuration. Thosealready familiar with IPMI management tools can use them instead.Table 9.3.1summarizes the options available when configuring IPMI with theFreeNAS® web interface.
Fig. 9.3.1 IPMI Configuration
| Setting | Value | Description |
|---|---|---|
| Channel | drop-down menu | Select the channel to use. |
| Password | string | Enter the password used to connect to the IPMI interface from a web browser.The maximum length is 20 characters. |
| DHCP | checkbox | If left unset, IPv4 Address, IPv4 Netmask,and Ipv4 Default Gateway must be set. |
| IPv4 Address | string | IP address used to connect to the IPMI web interface. |
| IPv4 Netmask | drop-down menu | Subnet mask associated with the IP address. |
| IPv4 Default Gateway | string | Default gateway associated with the IP address. |
| VLAN ID | string | Enter the VLAN identifier if the IPMI out-of-band management interface isnot on the same VLAN as management networking. |
After configuration, the IPMI interface is accessed using a webbrowser and the IP address specified in the configuration. Themanagement interface prompts for a username and the configuredpassword. Refer to the IPMI device documentation to determine thedefault administrative username.
After logging in to the management interface, the defaultadministrative username can be changed, and additional users created.The appearance of the IPMI utility and the functions that areavailable vary depending on the hardware.
9.4. Network Summary¶
Network ➞ Network Summaryshows a quick summary of the addressing information of everyconfigured interface. For each interface name, the configured IPv4 andIPv6 addresses, default routes, and DNS namerservers are displayed.
9.5. Static Routes¶
No static routes are defined on a default FreeNAS® system. If a staticroute is required to reach portions of the network, add the route bygoing to Network ➞ Static Routes, and clickingADD. This is shown in Figure 9.5.1.
Fig. 9.5.1 Adding a Static Route
The available options are summarized inTable 9.5.1.
| Setting | Value | Description |
|---|---|---|
| Destination | integer | Use the format A.B.C.D/E whereE is the CIDR mask. |
| Gateway | integer | Enter the IP address of the gateway. |
| Description | string | Optional. Add any notes about theroute. |
Added static routes are shown inNetwork ➞ Static Routes. Click (Options) ona route entry to access the Edit and Deletebuttons.
